docs: note that clients need to have ACLs enabled (#11799)

Client endpoints such as `alloc exec` are enforced on the client if
the API client or CLI has "line of sight" to the client. This is
already in the Learn guide but having it in the ACL configuration docs
would be helpful.
This commit is contained in:
Tim Gross 2022-01-07 16:18:41 -05:00 committed by GitHub
parent 5eda9be7b0
commit fa64822e49
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -25,7 +25,10 @@ acl {
## `acl` Parameters
- `enabled` `(bool: false)` - Specifies if ACL enforcement is enabled. All other
ACL configuration options depend on this value.
ACL configuration options depend on this value. Note that the Nomad command
line client will send requests for client endpoints such as `alloc exec`
directly to Nomad clients whenever they are accessible. In this scenario, the
client will enforce ACLs, so both servers and clients should have ACLs enabled.
- `token_ttl` `(string: "30s")` - Specifies the maximum time-to-live (TTL) for
cached ACL tokens. This does not affect servers, since they do not cache tokens.